REMARKS

Applicant respectfully requests reconsideration of the rejection of this application as 
examined pursuant to the office action of March 16, 2007. In the office action, pending Claims 
1-11 and 14-20 were examined. Independent Claims 1, 9 and 15, and dependent Claims 2, 10 
and 19 have been amended. Claims 1-11 and 14-20 remain pending. 

Claims 1-11 and 14-20 were rejected in the office action under 35 USC § 103(a) as being 
unpatentable over IEEE Standard 802.1X "Port-Based Network Access Control" ("IEEE 
Standard") in view of US Patent No. 7,042,988 issued to Juitt et al. ("Juitt"). 

The invention as described by the presently pending claims is a method and system to 
establish effective security at the edge of the network without burdening network entry devices 
of the infrastructure with all attributes of authentication functionality. The invention provides 
authentication-information-only relay functionality for all attached functions seeking access to 
network services at network entry. The relay function first forwards authentication signals only 
for processing by more centralized functions of the network system. Only after receiving 
authentication information does the relay entry system forward other signal types. The relay 
functionality of the present invention as described by the pending claims eliminates the need for 
full authentication functionality in all network entry devices without compromising complete 
authentication activities. This arrangement moves the network protection boundary outward 
without adding complexity. Applicant respectfully suggests that the cited references fail to 
render the present invention obvious. 

Applicant has amended independent Claims 1, 9 and 15 to describe with further clarity 
the present invention, in which only authentication signals are forwarded by a network entry 
device for attached function authentication prior to permitting the forwarding of any 
non-authenticating signals. This amendment to the independent claims is fully supported by the 
Specification at least at paragraphs [013] and [024]. Applicant has also amended dependent 
Claims 2, 10 and 19 to clarify that an embodiment of the invention contemplates the forwarding 
of the authentication messages to an authentication function via OSI Layer 2 rather than the higher 
level transmission protocol contemplated by the IEEE Standard. This amendment is fully 
supported by the Specification at least at paragraph [025]. Applicant respectfully suggests that 
the presently pending claims of the application are allowable. 

The 35 USC § 103(a) Rejection 

Claims 1-11 and 14-20 were rejected in the March 16, 2007, office action as being 
unpatentable over the IEEE Standard in view of Juitt. It is asserted in the office action regarding 
Claim 1 that the IEEE Standard describes through page 9, figure 6.2, and page 11, figure 6.5, the 
steps of: a) configuring the network entry device to recognize authentication signals; b) receiving 
at the entry device signal packets from an attached function; c) holding or discarding 
non-authenticating signals of the packets; d) forwarding only authenticating signals to another device 
for authentication; and e) forwarding non-authenticating signals through the entry device only 
after authentication. Step a) of the method of Claim 1 in its entirety describes "configuring the 
network entry device to recognize authentication signals received from an attached function, and 
not to operate as a PAE authenticator". Figure 6-5 of the IEEE Standard only shows a network 
device for forwarding authentication signals that is also a PAE authenticator (see the 
Authenticator System of that figure). The IEEE Standard therefore does not contemplate a 
method or system in which the forwarding device is not a PAE authenticator. That is noted in 
the office action, and Juitt is then cited as disclosing an authentication gateway server used in 
combination with wireless access points such that the wireless access point corresponds to the 
non-PAE authenticator network entry device and related method of the present invention. 

Applicant respectfully disagrees with the asserted representation of the scope of the Juitt 
reference. In particular, the office action incorrectly mixes and matches features described in the 
IEEE Standard with features of a plurality of components of the Juitt reference. The office 
action seeks to combine features of the Juitt gateway server (allowing initial passage of only 
authentication signals for authentication) and the separate wireless access point (a forwarding 
device that is not a PAE authenticator) as representative of a single device having the features of 
the present invention. However, Juitt cannot be read in that way. Specifically, the wireless 
network entry devices of Juitt allow both authenticating and non-authenticating signals through 
to the network prior to authentication. See, for example, column 3, lines 1-11, of Juitt, in which 
it is stated that "The request might be an explicit request for access, and can include an identifier 
and authentication information . . . The request might be an implicit request, such as a request to 
access network resources, a web page request, and so on." Clearly, Juitt contemplates having the 
network entry devices act simply as forwarding devices for all signals and not as an initial filter 
of only authentication signals. Therefore, while the Juitt network entry devices are not PAE 
authenticators, neither do they serve to bar non-authenticating signals until after authentication. 

The combination of the Juitt system and corresponding method with the IEEE Standard 
fails to address the problem solved by the present invention. That is, it remains possible with the 
Juitt system to overwhelm the network entry devices with a broad transmission of 
non-authenticating signals, which could swamp the Juitt gateway server in a Denial of Service attack. 
The authentication functionality of the central gateway server (or even a core authentication 
server to which the Juitt gateway server may pass authentication signals, see e.g., column 3, lines 
51-54) may protect the network from unauthorized access, but it may not prevent overwhelming 
attacks. Moreover, the IEEE Standard does not contemplate and address such an attack. On the 
other hand, the present invention does address it by pushing out truly to the edge of the network 
a level of protection contradicted by the Juitt system. Specifically, the present invention 
provides initial blocking of non-authenticating signals at the edge until authentication occurs. In 
this way, a relatively inexpensive and relatively simple network device may reside at the edge 
(where the number of network devices is ordinarily the greatest) without the processing 
commitment required of an authenticator. The presently pending claims describe such a system 
and related method, consistent with the goal of providing network protection without the excess 
burden of complexity in all network devices involved in the authentication process. 

Whereas the rejection of all pending claims of the application is based on the same 
combination of the IEEE Standard and Juitt references, Applicant respectfully suggests that the 
amendments made to the claims and the arguments presented herein successfully traverse the 35 
USC § 103(a) rejection of the claims. Withdrawal of that rejection is therefore requested. 

CONCLUSION 

Applicant respectfully suggests that the claim amendments and the arguments presented 
herein fully address the rejection under 35 USC § 103(a). Allowance of pending Claims 1-11 
and 14-20 is therefore requested. Applicant notes that by this amendment, pending dependent 
Claims 2, 10 and 19 have been amended and no new claims have been added. Therefore, no 
additional filing fee is required. 

Respectfully submitted, 

Chris A. Caseiro, Reg. No. 34,304 
Attorney for Applicant 
Verrill Dana, LLP 
One Portland Square 
Portland, ME 04112-0586 
Tel. No. 207-253-4530 



Certificate of Transmission 

I hereby certify that this correspondence is being transmitted to Mail Stop Non-Fee 
Amendment, Commissioner for Patents, PO Box 1450, Alexandria, VA 22313-1450, using the 
EFS-Web Service of the US Patent Office on June 13, 2007. It is hereby requested that this 
correspondence be assigned a filing date of June 13, 2007. 

Chris A. Caseiro 